CVE-2018-2439

Name of the Vulnerable Software and Affected Versions SAP Internet Graphics Server (IGS) versions 7.20, 7.20EXT, 7.45, 7.49, 7.53

Description The issue is related to insufficient request validation in the SAP Internet Graphics Server (IGS), which can lead to the processing of invalid requests under certain conditions. Specifically, several areas of the SAP Internet Graphics Server (IGS) lack sufficient input validation, including the HTTP and RFC listener, the portwatcher when registering to the multiplexer, and the multiplexer itself. This insufficient validation allows a malformed data packet to cause a crash.

Recommendations For SAP Internet Graphics Server (IGS) versions 7.20, 7.20EXT, 7.45, 7.49, 7.53, consider restricting access to the HTTP and RFC listener, portwatcher, and multiplexer to minimize the risk of exploitation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.